Apache 2.0.43 was released on 3rd October 2002 and is
now the latest version of the Apache 2.0 server. The previous
release was 2.0.42, released on the 24th September 2002.
See
what was new in Apache 2.0.42.

Security issues

Fix the security vulnerability regarding a cross-site scripting
vulnerability in the default error page when using wildcard DNS.
CAN-2002-0840

Fix the exposure of CGI source when a POST request is sent to
a location where both DAV and CGI are enabled.
CAN-2002-1156

Fix the security vulnerability regarding some possible
overflows in ab.c which could be exploited by a malicious server.
CAN-2002-0843

Bugs fixed

The following bugs were found in Apache 2.0.42 and have been
fixed in Apache 2.0.43:

The UserDir directive has been fixed
to again take a list of user names to enable userdir access for,
as per 1.3.

Flushing behaviour has been improved, to ensure that available
response output is flushed when no new output is pending; helping
streaming CGIs and other dynamically-generated content

mod_auth_ldap has been fixed to retry
connections to the LDAP server if it becomes unavailable.

Fix for a locking problem in mod_ssl's session
cache code which could cause infinite loops on some platforms

Fixes for mod_cache to prevent a segfault
when attempting to cache some combinations of content (for instance,
when using SSI tags which execute CGI scripts), and to correct
the CacheMaxStreamingBuffer directive
for virtual hosts

The default server root directory in suexec has
been fixed to match the default install root

mod_proxy was fixed to not strip
WWW-Authenticate headers on 4xx error responses which
prevented server authentication to be performed via the proxy

New features

A new module, mod_logio, has been added which
allows logging of the number of bytes sent and received by the server.

A -p option has been added to apxs
to allow programs to be be compiled using this tool.